Xavier Stevens

Staff Security Researcher, Fastly

Xavier Stevens is a Staff Security Researcher at Fastly, with a focus on threat research, detection engineering, and product innovation.

  • Next-Gen WAF for Microsoft Exchange | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    Fastly’s security research team has built and deployed a rule to protect Signal Sciences Next-Gen WAF customers against the recently announced Microsoft Exchange Server vulnerabilities.

    Product
    Security
  • Atlassian Confluence OGNL Injection Vulnerability Protection | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    Our Security Research Team has built and deployed a rule to help protect customers of our next-gen WAF against the recently announced Confluence Server OGNL injection vulnerability, CVE-2021-26084.

    Security
  • Log4Shell exploit found in Log4j | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    CVE-2021-44228 is a Remote Code Execution vulnerability in the Apache Log4j library being actively exploited. We provide our observations into the exploit and a summary of its impact.

    Security
    Engineering
  • Log4Shell attacks (CVE-2021-44228) insights | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    We’re sharing our latest data and new insights into the Log4j/Log4Shell vulnerability (CVE-2021-44228 + CVE-2021-45046) in this post in order to help the engineering community cope with the situation. We also share our guidance around testing your environment against many of the new obfuscation methods that have been seen.

    Industry insights
    Security
  • WAF framework measures WAF effectiveness | Fastly

    Fastly Security Research Team, Simran Khalsa, + 1 more

    Our new WAF efficacy framework provides a standardized way to measure the effectiveness of a WAF’s detection capabilities through continuous verification and validation. Here’s how it works.

    Engineering
    Security
  • Spring: CVE-2022-22963 & Spring4Shell (CVE-2022-22965) | Fastly

    Fastly Security Research Team, Xavier Stevens, + 1 more

    In this post, we review details for two RCE vulnerabilities impacting Spring Cloud and Spring Framework, including how Fastly customers can protect themselves from this vulnerability.

    Security
  • Threat hunting network callbacks in WAF data

    Fastly Security Research Team, Xavier Stevens

    Threat hunting is the practice of looking for active attackers who have possibly penetrated security boundaries within an organization. WAF data can be a valuable resource in threat hunting for network callbacks. Here’s how.

    Security
  • What is TLS Fingerprinting? | Fastly

    Fastly Security Research Team, Xavier Stevens

    TLS fingerprinting has become a prevalent tool to help security defenders identify what clients are talking to their server infrastructure.

    Security
  • CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability

    Fastly Security Research Team, Simran Khalsa, + 3 more

    What you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability

    Security
  • Network Effect Threat Report: Uncovering the power of collective threat intelligence

    Fastly Security Research Team, Simran Khalsa, + 3 more

    Announcing the Network Effect Threat Report, Fastly’s threat intelligence report with insights based on unique data from April to June of 2023

    Security
    + 2 more
  • Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins

    Fastly Security Research Team, Simran Khalsa, + 2 more

    We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.

    Security
    Industry insights